1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
From 18d864774916865ec44ccd011a4caf730943f0e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
Date: Mon, 20 Apr 2020 23:56:48 +0200
Subject: [PATCH] Fix sandbox 'Aw, snap' for syscalls 403 and 407
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* syscall 403: reported by ArchLinux users [1-2]
* syscall 407: reported by me [3]
Looking at [4-5] it seems that glibc (>=2.31?) introduced extra syscalls for
32Bit systems to handle time64:
* __NR_clock_gettime -> __NR_clock_gettime64
* __NR_clock_nanosleep -> __NR_clock_nanosleep_time64
To fix
| ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0403
| ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall 0407
we handle new systemcalls in the same way as 64bit systems do and 32bit systems
did before glibc 2.31.
[1] https://bugs.archlinux32.org/index.php?do=details&task_id=105
[2] https://bbs.archlinux32.org/viewtopic.php?id=2897
[3] https://github.com/OSSystems/meta-browser/issues/357
[4] https://sourceware.org/git/?p=glibc.git;a=commit;h=2e44b10b42d68d9887ccab17b76db5d7bbae4fb6
[5] https://github.com/bminor/glibc/blob/019d828669df966dc4ef2684fce0b1c17bef9aae/sysdeps/unix/sysv/linux/clock_gettime.c#L30
Upstream Status: Pending [Have no idea where to send this]
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 9 ++++++++-
.../syscall_parameters_restrictions_unittests.cc | 6 ++++++
sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc | 6 ++++++
sandbox/linux/system_headers/arm_linux_syscalls.h | 8 ++++++++
sandbox/linux/system_headers/mips_linux_syscalls.h | 8 ++++++++
5 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 768025ce1..87025d917 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -148,7 +148,14 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
return Allow();
#endif
- if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
+ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep
+#if defined(__NR_clock_gettime64)
+ || sysno == __NR_clock_gettime64
+#endif
+#if defined(__NR_clock_nanosleep_time64)
+ || sysno == __NR_clock_nanosleep_time64
+#endif
+ ) {
return RestrictClockID();
}
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
index b6c8c6377..245bc7131 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -60,6 +60,12 @@ class RestrictClockIdPolicy : public bpf_dsl::Policy {
case __NR_clock_gettime:
case __NR_clock_getres:
case __NR_clock_nanosleep:
+#if defined(__NR_clock_nanosleep_time64)
+ case __NR_clock_nanosleep_time64:
+#endif
+#if defined(__NR_clock_gettime64)
+ case __NR_clock_gettime64:
+#endif
return RestrictClockID();
default:
return Allow();
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index d9d18822f..8bc262235 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -39,6 +39,12 @@ bool SyscallSets::IsAllowedGettime(int sysno) {
// filtered by RestrictClokID().
case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
+#if defined(__NR_clock_gettime64)
+ case __NR_clock_gettime64: // Parameters filtered by RestrictClockID().
+#endif
+#if defined(__NR_clock_nanosleep_time64)
+ case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID().
+#endif
case __NR_clock_settime: // Privileged.
#if defined(__i386__) || \
(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
diff --git a/sandbox/linux/system_headers/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h
index 1addd5384..5de2162f9 100644
--- a/sandbox/linux/system_headers/arm_linux_syscalls.h
+++ b/sandbox/linux/system_headers/arm_linux_syscalls.h
@@ -1385,6 +1385,14 @@
#define __NR_memfd_create (__NR_SYSCALL_BASE+385)
#endif
+#if !defined(__NR_clock_gettime64)
+#define __NR_clock_gettime64 (__NR_SYSCALL_BASE+403)
+#endif
+
+#if !defined(__NR_clock_nanosleep_time64)
+#define __NR_clock_nanosleep_time64 (__NR_SYSCALL_BASE+407)
+#endif
+
// ARM private syscalls.
#if !defined(__ARM_NR_BASE)
#define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
diff --git a/sandbox/linux/system_headers/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h
index ddbf97f3d..fa01b3bbc 100644
--- a/sandbox/linux/system_headers/mips_linux_syscalls.h
+++ b/sandbox/linux/system_headers/mips_linux_syscalls.h
@@ -1433,4 +1433,12 @@
#define __NR_memfd_create (__NR_Linux + 354)
#endif
+#if !defined(__NR_clock_gettime64)
+#define __NR_clock_gettime64 (__NR_Linux + 403)
+#endif
+
+#if !defined(__NR_clock_nanosleep_time64)
+#define __NR_clock_nanosleep_time64 (__NR_Linux + 407)
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
--
2.21.1
|
